| Frank Hartmann on Wed, 13 Aug 1997 19:50:52 +0200 (MET DST) | 
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| <nettime> Microsoft's "cancel" is an ambiguous word | 
... from this week's real audio interview transcript between McChesney from Hotwired and Brad Chase, manager of the Internet Explorer at Microsoft, on the release of the new IE 4.0: > McChesney: Let's talk a little about security. One of the things that I find incredibly annoying is that I like to > know when a cookie is being set on my hard drive. I also like to know when there's an Active X threat out there. > When I arm my browser now to do that, I get about 5 million windows, particularly here at HotWired. It seems > like there's a cookie every 15 seconds that comes up, and what I like about the Netscape browser is that the > cookie alert window has two things you can push on. One says "OK," accept the cookie. Two says "Cancel." > And I've never been sure whether when I press the Cancel button that means the cookie comes anyway. I don't > know what Microsoft does about it now, but it's a very annoying thing. How do you take care of that in the new > browser? > > Chase: Well, there's a number of things we've done. We call the situation you're referring to "authorization > fatigue." > > McChesney: Right. Good term. Like compassion fatigue. > > Chase: Yeah. People are just tired of seeing all these security alerts and having to respond to them all. At the > same time, they do want to make choices about what they do. And as a consequence, we've innovated with a > new feature in Internet Explorer 4 called security zones. And there's some default zones, like an intranet zone or > an Internet zone.... > > McChesney: You mean intranet zone, and Internet zone, the intranet being inside your company and > something you fully trust, or at least you have to. > > Chase: That's correct. You're supposed to. And so one of the things that's a lot different is today, on a > Netscape browser or a Microsoft browser, you have to basically make security decisions for all sites at one > time. And as a consequence it's really very difficult, and that's how you end up with authorization fatigue. So with > Internet Explorer 4 and zones, you can develop groupings of sites and give them certain types of security > clearances. And we do very basic common-sense things as defaults, like for example your intranet site, your > internal company site, has a lower security setting, and an Internet site has a higher security setting, where you > will get warned about things like Active X controls. > > McChesney: Now in that zone; I mean, you have the trusted zone where you've picked out some sites that you > think are not going to mess you up or send unwanted email or do all kinds of things to you like export your > Quicken files and drain your bank account, or whatever might happen out there, but ... > > Chase: Just your bank account, John. > > McChesney: Yeah, I hear Active X controls can do that. But we'll talk about that some other time. When you get > - when you're in the Internet zone, you get alerts, that is, this is the untested area out there, the great unknown, > what does the alert look like? I mean, is it the same kind of alert we're getting now? > > Chase: Well, we've tried to make the alerts a little more consumer-friendly, but they do try to also be direct to > make people cognizant of the choices they need to make. So they are, I think, pretty similar to what you need to > have now, perhaps a little more friendly is the simplest way to summarize it. > > McChesney: Does it say Accept or Reject? > > Chase: Yeah, or OK or Cancel. > > McChesney: Cancel is an ambiguous word in there, you have to admit. I mean, it seems to me to mean you're > just canceling the box, rather than canceling the cookie. > > Chase: I don't actually know if we have an OK or Cancel per se. I mean, the problem is that you're dealing with > a number of messages here. I don't remember them all off the top of my head. I would encourage you to try > these situations yourself, and let me know if you think it's, if you think our messages are unclear. But I think we > do a pretty good job of making it clear what your options are. ----- --- # distributed via nettime-l : no commercial use without permission # <nettime> is a closed moderated mailinglist for net criticism, # collaborative text filtering and cultural politics of the nets # more info: majordomo@icf.de and "info nettime" in the msg body # URL: http://www.desk.nl/~nettime/ contact: nettime-owner@icf.de